Cookie implementation in signup and signin

Curious-Ecosystem · May 24, 2024 · ee7c218 · ee7c218
1 parent 473aa1b
commit ee7c218
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/services/Auth/package.json b/services/Auth/package.json
@@ -5,6 +5,7 @@
   "license": "MIT",
   "dependencies": {
     "bcryptjs": "^2.4.3",
+    "cookie": "^0.6.0",
     "cookie-parser": "^1.4.6",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",

diff --git a/services/Auth/src/controllers/auth.controller.js b/services/Auth/src/controllers/auth.controller.js
@@ -1,7 +1,7 @@
-const jwt = require("jsonwebtoken");
 const bcrypt = require("bcryptjs");
 const User = require("../models/user.model");
 const { errorHadnler } = require("../utils/error");
+const cookie = require('cookie'); // Import the 'cookie' library
 
 async function signup(req, res) {
   try {
@@ -36,8 +36,24 @@ async function signup(req, res) {
 
     const token = user.generateAuthToken();
 
-    // getting user data format {name:"example", email:"dogeshdog@cheems.com"}
+    // Set Cookie in Header
+    res.setHeader(
+      'Set-Cookie',
+      cookie.serialize(
+        'token',
+        token,
+        {
+          httpOnly : true,
+          maxAge: 60 * 60 * 24,
+          sameSite: 'None',  // Restrict when the cookie is sent with cross-origin requests
+          secure: false,        // Send the cookie only over HTTPS in production
+          path: '/',
+        }
+      )
+    );
 
+    // getting user data format {name:"example", email:"dogeshdog@cheems.com"}
+
     const userResponse = user.getUserData();
 
     return res.status(200).json({ ...userResponse, token });
@@ -79,6 +95,22 @@ async function signin(req, res, next) {
 
     const token = user.generateAuthToken();
 
+    // Set Cookie in Header
+    res.setHeader(
+      'Set-Cookie',
+      cookie.serialize(
+        'token',
+        token,
+        {
+          httpOnly : true,
+          maxAge: 60 * 60 * 24,
+          sameSite: 'None',  // Restrict when the cookie is sent with cross-origin requests
+          secure: false,        // Send the cookie only over HTTPS in production
+          path: '/',
+        }
+      )
+    );
+
     const userResposne = user.getUserData();
 
     return res.status(200).json({ token, userResposne });